Internal Threat Model Rationale

De-risking the Protocol: From Custodian Failure to Cryptoeconomic Security

1. OCS Security Thesis

The OCS Network was engineered to eliminate reliance on external trust. Our security is based on two principles: Total Asset Sovereignty (user controls keys) and Cryptoeconomic Enforcement (protocol punishes dishonesty).

Our primary defense is the PGTAIL Protocol—the custom Sequencer logic that must verify policy before a block is produced.

2. Mitigation of Systemic Risks (Centralized Failures)

The risks that drove the strategic pivot (insider threat, unauthorized transfers) are eliminated by the L2 architecture itself.

Old Threat Vector                   | OCS Protocol Mitigation (Why it's Impossible on OCS)
------------------------------------|--------------------------------------------------------
Custodian/Insider Attack            | Total Removal of Custodial Intermediary. Assets are held in user-controlled L2 Smart Accounts.
API Bypass / Policy Override        | Protocol-Native Enforcement. PGTAIL logic is the Sequencer's primary validation function; bypassing it results in Sequencer slashing.
Social Engineering / Key Delegation | Account Abstraction delegation restricts delegated keys to specific contracts and to velocity limits, enforced by the Sequencer.

3. App-Chain Threats and Defense

The L2 model introduces new threats (Sequencer dishonesty, code integrity) that require cryptoeconomic and modular defense.

Malicious Sequencer

Mitigated by: OCS Token Slashing and L1 Fraud Proofs. Sequencers are financially penalized if they include policy-violating transactions.

Policy Front-Running

Mitigated by: Mandatory Policy Time-Locks. Security-critical policy changes (e.g., adding a whitelist address) are subject to a network-wide delay.

Off-Chain PGTAIL Engine Compromise

Mitigated by: Fail-Safe Separation. The PGTAIL risk score is only an input. The on-chain Smart Account policy is the final veto, which the Engine cannot override.
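As an added illustration (not OCS or PGTAIL code; every name below is assumed), this Python model of a Smart Account policy shows the enforcement points from sections 2 and 3 working together: the delegation allowlist and velocity limit, a time-locked policy change, and the PGTAIL risk score treated only as an input that cannot waive the on-chain checks.

```python
from dataclasses import dataclass, field

# Constructed model of the Sequencer's policy check (assumed names, not OCS code).

@dataclass
class Policy:
    allowed_contracts: set   # delegated key may only send to these contracts
    velocity_limit: int      # max units spendable per window
    window: int              # window length in blocks
    risk_threshold: int      # PGTAIL score above which a tx is rejected
    policy_delay: int        # mandatory time-lock on policy changes (blocks)
    pending: dict = field(default_factory=dict)  # name -> (value, activation block)
    spent: list = field(default_factory=list)    # (block, amount) accepted so far

@dataclass
class Transfer:
    to: str
    amount: int
    block: int

def propose_change(policy, name, value, block):
    """Queue a policy change; it only takes effect after the network-wide delay."""
    policy.pending[name] = (value, block + policy.policy_delay)

def apply_pending(policy, block):
    for name, (value, activates) in list(policy.pending.items()):
        if block >= activates:
            setattr(policy, name, value)
            del policy.pending[name]

def validate(policy, tx, risk_score):
    """Return (accepted, reason). The on-chain checks run regardless of the
    risk score, so a compromised engine reporting 0 cannot bypass them."""
    apply_pending(policy, tx.block)
    if tx.to not in policy.allowed_contracts:
        return False, "contract not in delegation allowlist"
    recent = sum(a for b, a in policy.spent if tx.block - b < policy.window)
    if recent + tx.amount > policy.velocity_limit:
        return False, "velocity limit exceeded"
    if risk_score > policy.risk_threshold:
        return False, "risk score above threshold"
    policy.spent.append((tx.block, tx.amount))
    return True, "ok"
```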

Solo Founder/Centralized Risk (Phase 1)

Mitigated by: Three-LLC Corporate Structure. IP (Sentinel Software LLC) is legally protected from operational liability (OnChain Sentinel LLC) during the centralized launch phase.

4. Auditability and Compliance

The protocol's structure provides auditable proof of policy enforcement unavailable in traditional finance or centralized crypto.

  • Immutable Audit Log (F3): Every Sequencer decision, including risk scores and policy rejections, is logged on the L2 ledger for post-mortem and compliance review.
  • Transparent Policy: User policies are verifiable on-chain, proving to regulators that necessary controls (e.g., Multi-Sig, sanctions checks) are mathematically enforced.